2. Objectives
• Five modes offered for accomplishing three aspects of
Transfer Security
– None
– Transport Security
– Message Security
– Mixed
– Both
3. None Transfer Security Mode
• Turned off
• No Client Credentials provided to Service
• Highly inadvisable
4. Transport Transfer Security Mode
• Secure Communication Protocol
• Encrypts the channel
• Integrity ,No Encryption key – corrupt message
• Privacy, No other party other than recipient
• Mutual Authentication
• Assumption
– Client and Service negotiate details of encryption
– Hardware acceleration
entry point
• Downside
– Point-to-point
– Only by intranet applications
5. Message Transfer Security Mode
• Encrypts the message
• Securely communicate over non-secure transports
Boolean
character
integer
6. Mixed Transfer Security
• Uses Transport for Message integrity and Privacy as well as
Service authetication
• Message security for Client Credentials
• Downside
– Point to point
– Rarely use this
variables
7. Both Transfer Security mode
• Message is encrypted
• Transport channel is encrypted
• Maximizes Security
• Overkill performance
literals
expression
error, x not set
8. Summary
• None is highly inadvisable
• Transport works good in Intranet apps
• Message suits for Internet apps
• Mixed rarely used by developers
• Both kills performance